"Jinshan Words" screen word-capture technology revealed (discussion)
This article was my earliest post in the Arctic Star forum. At that time, he weddo (apparently also an MVP) was there.
I no longer had a copy, but someone (I don't know who; very grateful) had saved it, and I found it on Google.
This is what I wrote before I joined Jinshan, so it should not disclose any of the company's technical secrets.
And it has been some time since then.
The discussion at the time covered only the word-capture implementation under Win3.1 and Win9x.
After I joined Jinshan I was not the one responsible for the word-capture module; the person doing it is better at this than I am.
He is very skilled at debugging code with SoftICE and has a talent for reverse engineering.
"East" was my pen name at the time.
"Jinshan Words" screen word-capture technology revealed (discussion)
Topic: screen word-capture technology lecture series (1). Author: also east
Many people are interested in this topic, because the technology feels magical and also has commercial value. Jinshan Words now holds an absolute advantage in the dictionary market, so there is no future in dictionaries. At least that is how I saw it: I mastered this technology but did not write dictionary software, only a similar tool for my own use. I originally wanted to release it as shareware, but my word database was "stolen" and had few entries, so it came to nothing: with too small a word database, what use is word capture? And the word database was a shared one anyway. But since many people want to know this technology, I will hold nothing back. I intend to present all the details of this technology in several installments, roughly twice a week. Those who want to know, check back often!
I. Basic knowledge. First, to write this program you need some basic knowledge: VC++, both 16- and 32-bit; the Windows API, especially the GDI and kernel parts; assembly language; and debugging with SoftICE, because this kind of program is best debugged with SoftICE.
II. Basic principles. In the Windows 3.x era, the system provided only a few character-output functions: TextOut, ExtTextOut, DrawText ... and DrawText is ultimately implemented with ExtTextOut.
So all character output in Windows goes through calls to TextOut and ExtTextOut. Therefore, if you can modify the entry of these two functions so that programs call your own function, which in turn calls the system's character output, you can obtain every character Windows outputs.
In the Windows 95 era the principle is basically unchanged, but 95 is more complicated. At first, some word-capture software written under Windows 3.x could still be used. But then IE4 came out. As a result, many dictionary programs were eliminated because they did not support IE4, but it also created opportunities for some software, such as Jinshan Words. In fact, the IE4 problem is not complicated: its output is Unicode characters, drawn with TextOutW and ExtTextOutW. Knowing this, you just intercept those as well. However, the implementation is complicated, and I will explain it in detail later. Now IE5 is out and word capture no longer works well. Microsoft really is #^@#$%$*&^&#@#@........ I found a solution after some study, but there are still some problems; sometimes it gets it wrong. I am continuing to study it and hope everyone will discuss.
There is also Windows NT; the principle is the same, but the implementation is completely different from 95.
III. Technical points. To implement word capture, the following technical problems mainly have to be solved:
1. Intercept the API entry to obtain the API's parameters.
2. Sneak into Windows safely, compatible with all versions of Windows.
3. Calculate the word and letter at the mouse position.
4. If you write a 32-bit program under Windows 95, Win32/Win16 mixed programming is also involved.
That's it for today! It is best to prepare SoftICE for 95/98 and Jinshan Words, so that we can first analyze how others did it.
Comments welcome by e-mail: Yeedong@163.net
Subject: screen word-capture technology series (2). Author: also east
I am sorry to have kept everyone waiting! I read some of the replies and found that many people are still unclear about the principle of word capture. First let me explain the hook question. The word-capture program does use hooks, two of them. One is a standard Windows hook: a callback function installed through SetWindowsHook. It installs a mouse hook to respond to mouse messages promptly, and it has little to do with capturing the word itself. The other is an API hook, which is the core technology of word capture. It writes a JMP instruction at the beginning of TextOut and the other output functions that jumps to your code. You cannot see this jump with SoftICE because it exists only for the instant the word is being captured; normally it is not there. If you set a memory read/write breakpoint (bpm) on TextOut, you will find the code that writes the hook.
/************************* So I stress: anyone who wants to learn this technology must understand assembly language and be proficient with SoftICE. *************************/
As for the undocumented functions dumped from CJKTL95, they relate to Win32/Win16 mixed programming; I will cover them later.
Let me describe the process of capturing a word.
0. Determine whether the mouse has stayed in one place for a period of time.
1. Get the current mouse position.
2. Generate a small rectangle at the mouse position.
3. Install the API hook.
4. Make that rectangle generate a repaint message.
5. In the hook, record the characters being output.
6. Calculate which word the mouse is over and save that word.
7. Once the word is obtained, remove the API hook; if no word arrives, remove it after a period of time anyway.
8. Look the word up in the dictionary and display the explanation box.
Many of these steps have some difficulty, so few people in China have managed to make a perfect word-capture dictionary.
Of these, steps 0, 1, 2, 7 and 8 are relatively simple.
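Step 6 is the one the post calls hard but does not spell out: the hook sees only the start coordinates and the string of each TextOut call, so the program has to map the mouse position onto a character cell and then widen that to word boundaries. The following is an added example, not code from the post or from any of the products it names. It assumes the hook has already recorded a call as a CapturedText (in a real Win16 hook the per-character widths would come from GetTextExtentPoint on the HDC; here they are a constructed table so the logic runs stand-alone):

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* One character-output call as the API hook (step 5) would record it.
 * Field names are this example's own, not the post's. */
typedef struct {
    int x, y;           /* nXStart, nYStart of the TextOut call */
    int height;         /* line height of the font */
    const char *text;   /* the string passed to TextOut */
    const int *widths;  /* advance width of text[i], in pixels */
} CapturedText;

/* Index of the character whose cell contains (mouse_x, mouse_y), or -1. */
int char_at(const CapturedText *t, int mouse_x, int mouse_y) {
    int left = t->x;
    size_t i, n = strlen(t->text);
    if (mouse_y < t->y || mouse_y >= t->y + t->height) return -1;
    for (i = 0; i < n; i++) {
        int right = left + t->widths[i];
        if (mouse_x >= left && mouse_x < right) return (int)i;
        left = right;
    }
    return -1;
}

/* Letters and apostrophes belong to a word; punctuation and spaces end it. */
static int is_word_char(char c) {
    return isalpha((unsigned char)c) || c == '\'';
}

/* Step 6: expand from the character under the mouse to the whole word.
 * Copies it into out (NUL-terminated) and returns its length; 0 if the
 * mouse is not over a word character. */
size_t word_at(const CapturedText *t, int mouse_x, int mouse_y,
               char *out, size_t out_len) {
    int idx = char_at(t, mouse_x, mouse_y);
    size_t start, end, len;
    if (out_len == 0) return 0;
    out[0] = '\0';
    if (idx < 0 || !is_word_char(t->text[idx])) return 0;
    start = end = (size_t)idx;
    while (start > 0 && is_word_char(t->text[start - 1])) start--;
    while (t->text[end + 1] != '\0' && is_word_char(t->text[end + 1])) end++;
    len = end - start + 1;
    if (len >= out_len) len = out_len - 1;   /* truncate rather than overflow */
    memcpy(out, t->text + start, len);
    out[len] = '\0';
    return len;
}

/* Constructed sample: a proportional-font width table (not measured from any
 * real font) for one TextOut call drawn at (100, 50) with a 16-pixel font. */
#define SAMPLE_TEXT "Hello, hooked world"
static int sample_widths[sizeof(SAMPLE_TEXT) - 1];

size_t sample_word(int mouse_x, int mouse_y, char *out, size_t out_len) {
    CapturedText t = { 100, 50, 16, SAMPLE_TEXT, sample_widths };
    size_t i;
    for (i = 0; i < sizeof(SAMPLE_TEXT) - 1; i++) {
        char c = SAMPLE_TEXT[i];
        sample_widths[i] = (c == 'i' || c == 'l' || c == ',' || c == ' ') ? 4 : 8;
    }
    return word_at(&t, mouse_x, mouse_y, out, out_len);
}

/* 1 if the word under (mouse_x, mouse_y) in the sample equals expect. */
int sample_check(int mouse_x, int mouse_y, const char *expect) {
    char buf[32];
    sample_word(mouse_x, mouse_y, buf, sizeof buf);
    return strcmp(buf, expect) == 0;
}
```

With the sample layout, x=150 on the text line falls in the cell of the second "o" of "hooked" and expands to that word; x=134 lands on the comma and yields nothing; a mouse y outside the line's height yields nothing even when x is over a letter, which is what stops a word being captured from an adjacent line.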
Now, how to install the hook: the so-called hook is actually a JMP XXXX:XXXX instruction written at the Windows API entry, jumping to your code.
The steps are as follows:
1. Get the Windows API entry.
2. Save the first five bytes of the API entry, because JMP is 0xEA and the address is 4 bytes.
3. Write the jump instruction. This step is the most complex: a Windows code segment normally cannot be written, but Microsoft left a back door. There is an undocumented function AllocCStoDSAlias, UINT WINAPI AllocCStoDSAlias(UINT); get this function's entry and pass it the selector of the API's code segment (if you don't know what a selector is, go and learn protected-mode programming), and it returns a writable data-segment selector for the same memory. This selector must be freed after use. Synthesize a pointer from the new selector and the offset of the API entry, and you can write to the Windows code segment.
This is the core trick. It is useful for more than word capture: all the Chinese platforms use it. Now you know why something so simple is known by so few? Because too many products use it, and too many companies rely on it to make money. These companies and products include: Chinese Star, Four Practice, Antarctic Stars, Jinshan Words, ZHAO Mingtai, Dongfang Express, RoboWord, Dictionary, Instant Chinese Expert, and so on, plus at least 20 small companies. Although their specific implementations differ, the principle is the same. I have written one, and there is nothing in it beyond this outline. If I get a chance I will tidy it up so everyone can take a look! Hehe...
Topic: discussion of screen word-capture (3). Author: also east
I kept everyone waiting, sorry; my hard drive failed, very unfortunate.
This time, the real thing.
Let's take TextOut as an example.
Below is the code:
// Intercept TextOut (16-bit Windows, compiled as a medium-model DLL/EXE)
#include <windows.h>
#include <dos.h>      // FP_SEG, FP_OFF, MK_FP

typedef UINT (WINAPI *ALLOCCSTODSALIAS)(UINT);
ALLOCCSTODSALIAS AllocCStoDSAlias;

BYTE NewValue[5];                        // new entry code: far JMP to MyTextOut
BYTE OldValue[5];                        // original entry code of the API
unsigned char FAR *Address = NULL;       // writable alias of the API entry address
UINT DSSelector = NULL;                  // writable data selector aliasing the API's code segment
WORD OffsetEntry = NULL;                 // offset of the API entry within its segment
BOOL bHookAlready = FALSE;               // whether the hook is currently written in place

BOOL HookOn(void);
BOOL HookOff(void);
BOOL WINAPI MyTextOut(HDC hdc, int nXStart, int nYStart, LPCSTR lpszString, UINT cbString);

BOOL InitHook(void)
{
    HMODULE hGDI, hKernel;
    FARPROC entry;

    hKernel = GetModuleHandle("KERNEL");
    if (hKernel == NULL) return FALSE;
    // Undocumented API, so fetch its address by name
    AllocCStoDSAlias = (ALLOCCSTODSALIAS)GetProcAddress(hKernel, "AllocCStoDSAlias");
    if (AllocCStoDSAlias == NULL) return FALSE;

    hGDI = GetModuleHandle("GDI");
    if (hGDI == NULL) return FALSE;
    entry = GetProcAddress(hGDI, "TextOut");
    if (entry == NULL) return FALSE;

    OffsetEntry = FP_OFF(entry);                                  // offset of the API entry
    DSSelector = AllocCStoDSAlias(FP_SEG(entry));                 // equivalent writable selector for the code segment
    Address = (unsigned char FAR *)MK_FP(DSSelector, OffsetEntry);// synthesized writable address

    NewValue[0] = 0xEA;                                           // far JMP opcode
    *((DWORD FAR *)(NewValue + 1)) = (DWORD)(FARPROC)MyTextOut;   // target: our hook function

    OldValue[0] = Address[0];                                     // save the original 5 bytes
    *((DWORD FAR *)(OldValue + 1)) = *((DWORD FAR *)(Address + 1));
    return TRUE;
}

BOOL ClearHook(void)
{
    if (bHookAlready) HookOff();
    FreeSelector(DSSelector);               // release the alias selector
    return TRUE;
}

BOOL HookOn(void)
{
    int i;
    if (!bHookAlready) {
        for (i = 0; i < 5; i++) Address[i] = NewValue[i];
        bHookAlready = TRUE;
    }
    return TRUE;
}

BOOL HookOff(void)
{
    int i;
    if (bHookAlready) {
        for (i = 0; i < 5; i++) Address[i] = OldValue[i];
        bHookAlready = FALSE;
    }
    return TRUE;
}

// Hook function: must have exactly the same parameters and calling convention as the API
BOOL WINAPI MyTextOut(HDC hdc, int nXStart, int nYStart, LPCSTR lpszString, UINT cbString)
{
    BOOL ret;
    HookOff();                                                    // restore the entry so the real API can run
    ret = TextOut(hdc, nXStart, nYStart, lpszString, cbString);   // call the original TextOut
    HookOn();                                                     // re-arm the hook
    return ret;
}
The above code is the simplest example of installing an API hook. I should remind everyone that this code was written from memory (I lost the original) and I have not compiled it, because I no longer have VC 1.52. So the code may contain errors.
It is recommended to compile the 16-bit code with Borland C++. If you use VC 1.52, you must change one option.
In the Options of VC 1.52 there is a memory model setting; choose the medium model and "DS != SS, DS loaded on function entry". Remember this, otherwise the system will crash.
If you don't understand something, you can write to me.
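The hook above leaves a recognisable footprint while it is armed: the first byte of TextOut's entry becomes 0xEA followed by a 16:16 far pointer, and the post itself notes that a SoftICE write breakpoint on the entry catches the code doing the writing. The following is an added example from the defender's side, not code from the post or from any of the named products: given a snapshot of an export's first five bytes and a copy taken at a trusted time, it reports whether the entry was modified and decodes the jump target if a far JMP is present. The sample byte strings are constructed for this example, not read from any real GDI build.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* A 16-bit far JMP ptr16:16 is 5 bytes: opcode 0xEA, then the 16-bit
 * offset, then the 16-bit segment, both little-endian. That is exactly
 * the layout the hook's NewValue[5] array has. */
#define FAR_JMP_OPCODE 0xEA
#define ENTRY_LEN 5

typedef struct {
    int modified;        /* entry bytes differ from the known-good copy */
    int is_far_jmp;      /* first byte is a far JMP opcode */
    uint16_t seg, off;   /* decoded jump target, valid when is_far_jmp */
} EntryCheck;

static uint16_t le16(const uint8_t *p) {
    return (uint16_t)(p[0] | ((uint16_t)p[1] << 8));
}

/* Compare the first ENTRY_LEN bytes of an export's entry against a copy
 * taken at a trusted time, and decode a far JMP if one is present. */
EntryCheck check_entry(const uint8_t *current, const uint8_t *known_good) {
    EntryCheck r = {0, 0, 0, 0};
    r.modified = memcmp(current, known_good, ENTRY_LEN) != 0;
    if (current[0] == FAR_JMP_OPCODE) {
        r.is_far_jmp = 1;
        r.off = le16(current + 1);
        r.seg = le16(current + 3);
    }
    return r;
}

/* Constructed samples: the classic Win16 far-function prologue
 * (mov ax,ds / inc bp / push bp / mov bp,sp, first five bytes), and the
 * same entry after a 5-byte patch to the constructed target 1234:5678. */
const uint8_t clean_entry[ENTRY_LEN]   = {0x8C, 0xD8, 0x45, 0x55, 0x8B};
const uint8_t patched_entry[ENTRY_LEN] = {0xEA, 0x78, 0x56, 0x34, 0x12};

/* 1 if the patched sample is flagged and decodes to 1234:5678. */
int sample_patched_detected(void) {
    EntryCheck r = check_entry(patched_entry, clean_entry);
    return r.modified && r.is_far_jmp && r.seg == 0x1234 && r.off == 0x5678;
}

/* 1 if the clean sample is neither flagged nor mistaken for a JMP. */
int sample_clean_passes(void) {
    EntryCheck r = check_entry(clean_entry, clean_entry);
    return !r.modified && !r.is_far_jmp;
}
```

Because the post's hook is written only for the instant of a capture and restored inside MyTextOut, a periodic comparison like this can easily miss it; the comparison is most useful at a moment the program forces output (the repaint of step 4), or as the check behind a write breakpoint of the kind the post describes.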
Yeedong@163.net